The present document relates to adaptive traffic encryption. In particular, the present document relates to encryption of optical signals for flexible optical networks by using hybrid encryption.
Known encryption solutions for optical networks are fixed with respect to their end points. The optical network elements communicating with each other, e.g. client interfaces or endpoints of an optical link, implement a static encryption function in order to encrypt the payload transmitted between said optical network elements. Thereby, the optical network elements are connected to each other in a static way. Optical network encryption is typically implemented by a line encryption, i.e. encrypting a certain channel of a wavelength division multiplex (WDM) link, or by client encryption, e.g. transmitting a client signal between two optical network elements. The encryption parameters needed to encrypt the payload are provided by a central instance, e.g. a network management system or key management entity. Specifically, said central instance provides the encryption key(s) to optical network elements by means of which the payload is encrypted, and optionally policies for key replacement, e.g. after a certain key lifetime.
For setting up the static relation between the concerned optical network elements in order to obtain an encrypted optical transmission path, related encryption parameters, e.g. the encryption keys, are configured to the optical network elements from the central instance. This is a complex and time-consuming process, as the encryption parameters need to be generated and transmitted in a safe and secure way to the optical network elements. Each break in safety and security of key generation, transmission and implementation breaks the security of the signal encryption.
Typically, symmetric encryption schemes are used, e.g. Advanced Encryption Standard (AES) encryption, that require the same key for encryption and decryption. Therefore the encryption parameters have to be transmitted separately to the optical network elements because said optical network elements are located at different locations.
Above mentioned approach is unsuitable for flexible optical networks, i.e. an optical network with frequently changing connections between a plurality of optical network elements, because each time after a connection reconfiguration, a time-consuming process for providing encryption parameters to the optical network elements has to be performed. Because of the operational complexity of this process, said connection reconfiguration may be performed only slowly, limiting the responsiveness of the network to service requests changing the connection reconfiguration.
A general drawback of symmetric encryption schemes is that in case a key is compromised, i.e. known to an un-authorized third-party, this third-party can perform a man-in-the-middle attack, gaining access to the unencrypted (clear) payload and potentially modifying it without an option for the legitimate optical network element or user to notice this attack.
Thus, there is a need to provide for an improved flexible traffic encryption scheme for optical networks which provides a short response time after requesting a connection reconfiguration paired with a high availability and reliability of the encrypted services in the optical network.
According to a first aspect, a transmitting optical network element is described. The transmitting optical network element may comprise an encrypting entity which is adapted to encrypt a payload signal received by the transmitting optical network element. Said payload signal may be, for example an Ethernet signal or a WDM link of an optical transport system. The transmitting optical network element further comprises an interface for receiving key information from a key management entity. The key management entity may be a central instance for providing key information for the transmitting optical network element and other network elements. Preferably said key management entity provides the key information at the setup of the transmitting optical network element. After said setup, no exchange of key information between the transmitting optical network element and the key management entity is necessary, but may optionally be done in support of key replacement, e.g. as part of key lifetime policies.
In order to store the received key information, the transmitting optical network element further comprises storage means for storing at least a public key received by the key management entity wherein the public key is associated with a receiving optical network element being connected to the transmitting optical network element via an optical network in order to transmit data. Preferably, the key information is asymmetric key information consisting of an associated pair of keys, namely a public key and a private key.
Furthermore, the transmitting optical network element comprises a key generation entity configured for generating a symmetric encryption key. Based on the asymmetric key information provided by the key management entity and said symmetric encryption key, the transmitting optical network element is adapted to perform a hybrid encryption scheme resulting in a highly flexible reconfiguration of the optical system after a demand for reconfiguration or connectivity change.
In order to perform the hybrid encryption scheme, the transmitting optical network element may comprise means for and/or be adapted to encrypt a received payload to be transmitted to the receiving optical network element using the generated symmetric encryption key. The transmitting optical network element may further encrypt the generated symmetric encryption key using the public key of the receiving optical network element. Using a symmetric encryption scheme allows for a quick and nearly simultaneous encryption of the payload data, whereas the secured exchange of the symmetric encryption key is performed using asymmetric encryption because the speed requirements in exchanging the symmetric encryption key are much lower than the speed requirements for encrypting the payload.
After encryption, the encrypted payload and the encrypted symmetric encryption key may be transmitted via an optical network to the receiving optical network element by the transmitting optical network element.
The main advantage of the proposed transmitting optical network element is that it allows for high connection flexibility in the encrypted optical network without the need of a central instance to be involved during connectivity changes. Thereby, connectivity changes can be performed in a short period of time t, preferably t<200 ms, most preferably t<50 ms. Thereby a highly available, quick and reliable encrypted optical network is obtained.
A further advantage of the proposed transmitting optical network element is that no transfer of symmetric encryption keys between a central instance and the transmitting or receiving optical network elements is necessary. Thereby the risk of a key getting compromised and the risk of man-in-the-middle attacks are reduced.
According to embodiments, the optical network comprises a plurality of receiving optical network elements. The storage means of the transmitting optical network element are adapted to store a private key associated with said transmitting optical network element and the public keys of all receiving optical network elements that are configured to receive data of said transmitting optical network element or that are expected to receive data in the future. Said private key and said public keys may be provided by the key management entity to the transmitting optical network element. By means of the public key of the respective receiving optical network elements, the transmitting optical network element is able to encrypt information, e.g. the symmetric encryption key, in order to transmit the information to the respective receiving optical network element. Preferably, the transmitting optical network element is adapted to choose the appropriate public key depending on the currently selected receiving optical network element to communicate with. Only the currently selected receiving optical network element is able to decrypt the encrypted symmetric encryption key with its own private key.
According to embodiments, in case of a connectivity change from a first receiving optical network element to a second receiving optical network element, the transmitting optical network element is adapted to generate a new symmetric encryption key for encrypting the payload and to encrypt the new symmetric encryption key using the public key of the second receiving optical network element. The new symmetric encryption key may be generated by a cryptographically secure pseudo-random number generator (CSPRNG), wherein the new symmetric encryption key may be a pseudo-random number. Said CSPRNG may be implemented in hardware or software, e.g. in a process or, field-programmable gate array (FPGA), operating system, etc. . . . Preferably, the CSPRNG is located in the encryption entity or close to the encryption entity of the transmitting network element, thus avoiding the communication of the generated symmetric encryption key over potentially unsecure and unsafe channels. After generation of the new symmetric encryption key and encrypting said symmetric encryption key with the public key of the second receiving optical network element, the encrypted new symmetric encryption key is transmitted to the second receiving optical network element which is then able to decrypt the encrypted new generated symmetric encryption key using its own private key. By using the decrypted new generated symmetric encryption key, the second receiving optical network element is able to decrypt the encrypted payload (encrypted with the new generated symmetric encryption key) thereby obtaining the decrypted payload. Thus, a change of connectivity may be achieved without the involvement of an external, central instance.
According to embodiments, the encrypted symmetric encryption key or at least a part of the encrypted symmetric encryption key is transmitted simultaneously and/or continuously with the encrypted payload. Thereby, the time window for changing the setup of connectivity may be decreased. Preferably, the encrypted payload is transmitted in a payload section of a data frame, and the encrypted symmetric encryption key is transmitted using an overhead section within said data frame or otherwise embedded in the data frame. The data frame may be for example the ODUk (Optical Channel Data Unit-k) of an optical transport network (OTN). The encrypted symmetric encryption key may be transmitted embedded in some or all data frames.
According to embodiments, the transmitting optical network element may comprise means for authenticating the key information received from a key management entity, e.g. using the means of a public-key infrastructure (PKI).
The transmitting optical network element may further create a signature of a shared secret only known by the transmitting optical network element and the receiving optical network element. Any shared secret may be used for this purpose. Further, the transmitting optical network element may encrypt the signature with its own private key and transmit the encrypted signature to the receiving optical network element in order to authenticate itself at the receiving optical network element. This authentication may be done at least once upon setup of the service between the transmitting optical network element and the receiving optical network element. Preferably, the authentication is done more frequently, e.g. regularly in fixed time intervals.
In order to authenticate the transmitting optical network element, the receiving optical network element may receive a signature of a shared secret only known by the transmitting optical network element and the receiving optical network element, wherein the signature is encrypted by the private key of the transmitting optical network element. The receiving optical network element may decrypt the signature with the public key of the transmitting optical network element, which is known to the receiving optical network element, and generate a second signature of the shared secret. Next, the decrypted signature is compared with the second signature in order to authenticate the transmitting optical network element. Thereby, the acting transmitting and receiving optical network elements are authenticated and men-in-the-middle or denial-of-service attacks can be prohibited.
According to embodiments, the transmitting optical network element is configured to create the signature of a shared secret by applying a cryptographic hash function on this information. Thereby, the symmetric encryption key can be used as shared secret because the hashed symmetric encryption key cannot be decrypted even if un-authorized network element may receive this information. Thus, the symmetric encryption key can be used for encrypting the payload as well as for authorizing the acting transmitting and receiving optical network elements. Optionally, additional information may be used to form the shared secret, e.g. parts of the payload, or counter values that are synchronized between the transmitting optical network element and the receiving optical network element.
According to embodiments, the transmitting optical network element and/or the receiving optical network element are adapted as transceivers. Preferably, the transceiver comprises an encrypting entity for encrypting the payload to be transmitted and a decrypting entity for decrypting a received payload. Thereby it's possible to establish a bidirectional encrypted optical communication link between at least two of said transceivers. Said transceivers may use the same symmetric encryption key or different symmetric encryption keys for encrypting and decrypting the payload of the two respective directions of the bidirectional link.
According to a further aspect, a receiving optical network element is described. The receiving optical network element may be connected to a transmitting optical network element in order to receive data. The receiving optical network element may comprise a decrypting entity; an interface for receiving key information from a key management entity; and storage means for storing at least its own private key received by the key management entity. Furthermore the receiving optical network element may receive an encrypted symmetric encryption key and an encrypted payload; decrypt the received symmetric encryption key generated and transmitted by the transmitting optical network element using its own private key; and decrypt the received encrypted payload using the decrypted received symmetric encryption key.
According to embodiments, the receiving optical network element may comprise storages means adapted to store at least its own private key and at least one public key received by the key management entity wherein the public key is associated with a transmitting optical network element being connectable to the receiving optical network element in order to transmit data. Preferably, the storage means may be adapted to store a plurality of public keys associated with other optical network elements of the optical network in order to be ready to receive an encrypted symmetric key from one of the other optical network elements for setting up a network connection with this optical network element.
According to a further aspect, a method for encrypted transmission of data in an optical network comprising a transmitting optical network element and a receiving optical network element is described. The method comprises receiving of asymmetric key information from a key management entity by the transmitting optical network element and the receiving optical network element. The asymmetric key information received by the transmitting optical network element comprises at least the public key of the receiving optical network element and the asymmetric key information received by the receiving optical network element comprises at least the private key of said receiving optical network element.
Further, receiving a payload to be encrypted by the transmitting optical network element; generating a symmetric encryption key by means of a key generation entity of the transmitting optical network element; and encrypting the payload using the generated symmetric encryption key by means of the transmitting optical network element may be provided. The method may comprise encrypting the generated symmetric encryption key by means of the transmitting optical network element using the public key of the receiving optical network element; transmitting the encrypted payload and the encrypted symmetric encryption key to the receiving optical network element; decrypting the symmetric encryption key by the receiving optical network element using the private key; and decrypting the encrypted payload by the receiving optical network element using the decrypted symmetric encryption key.
According to embodiments, the optical network comprises a plurality of optical network elements, namely at least one transmitting optical network element and a plurality of receiving optical network elements and the transmitting optical network element and each receiving optical network element receive its own private key and the public keys of all other optical network elements in order to be ready to receive an encrypted symmetric key from one of the other optical network elements for setting up a network connection with this optical network element.
According to embodiments, the encrypted symmetric encryption key is transmitted simultaneously and/or continuously to the receiving optical network element, thereby allowing a continuous update of the symmetric encryption key, e.g. in case of a symmetric encryption key having validity for only a limited time, e.g. if said symmetric encryption key is a session key which is renewed periodically (after a certain period of time, e.g. after ten minutes) or after occurrence of a certain event (e.g. a new network configuration).
According to embodiments, in case of a connectivity change from a first receiving optical network element to a second receiving optical network element, the transmitting optical network element performs the following steps: encrypting the symmetric encryption key by using the public key of the second receiving optical network element instead of using the public key of the first receiving optical network element; generating a new symmetric encryption key; encrypting the payload with the new symmetric encryption key; and encrypting the new symmetric encryption key by using the public key of the second receiving optical network element.
The second receiving optical network element may perform the following steps: decrypting the new symmetric encryption key with its own private key; and decrypting the payload using the decrypted symmetric encryption key.
It should be noted that the methods and systems including its embodiments as outlined in the present patent application may be used stand-alone or in combination with the other methods and systems disclosed in this document. Furthermore, all aspects of the methods and systems outlined in the present patent application may be arbitrarily combined. In particular, the features of the claims may be combined with one another in an arbitrary manner.